SANS ISC: InfoSec Handlers Diary Blog

Another Phishing Trick; More Osama Messages; Crunchy-Gooey Security Designs

Published: 2005-07-31
Last Updated: 2005-08-01 00:00:58 UTC
by Lenny Zeltser (Version: 1)
It's been a quiet day here in the land of the Net. Here are a few miscellaneous items that arrived in our mailbox recently.

Another Phishing Trick



Charles sent us a note about a phishing scam that used a relatively uncommon technique to try to conceal the true location of the malicious link. The typical HREF link was enclosed in a FORM statement whose ACTION attribute pointed to the phishing site. Although some mail clients may get confused by this, the latest version of Outlook Express does show the malicious URL when the mouse hovers over the link.
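As an added example (not part of the original diary entry), this Python sketch audits an HTML message body for the pattern described above: an anchor nested inside a FORM whose ACTION points at a different host than the anchor's HREF. The function names and the sample message, with its placeholder hosts, are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class FormLinkAuditor(HTMLParser):
    """Flags <a> elements nested in a <form> whose ACTION host differs from the HREF host."""

    def __init__(self):
        super().__init__()
        self.form_actions = []   # stack of ACTION values for the forms currently open
        self.findings = []       # (href, action) pairs whose hosts disagree

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)      # HTMLParser already lowercases tag and attribute names
        if tag == "form":
            self.form_actions.append(attrs.get("action") or "")
        elif tag == "a" and self.form_actions:
            href = attrs.get("href") or ""
            action = self.form_actions[-1]
            # Only absolute ACTION URLs are compared; a relative one has no host to check.
            if _host(action) and _host(href) != _host(action):
                self.findings.append((href, action))

    def handle_endtag(self, tag):
        if tag == "form" and self.form_actions:
            self.form_actions.pop()


def _host(url):
    return (urlparse(url).hostname or "").lower()


def audit_html(body):
    """Return the list of (href, action) mismatches found in an HTML body."""
    auditor = FormLinkAuditor()
    auditor.feed(body)
    auditor.close()
    return auditor.findings


# Constructed sample message body; both hosts are placeholders under reserved TLDs.
SAMPLE = """
<p>Please verify your account:</p>
<form action="http://login.phish.invalid/verify" method="get">
  <a href="http://www.bank.example/login">http://www.bank.example/login</a>
</form>
<p>Unrelated link: <a href="http://www.bank.example/help">help</a></p>
"""

if __name__ == "__main__":
    for href, action in audit_html(SAMPLE):
        print(f"link shows {href} but the enclosing form submits to {action}")
```

A mail gateway or triage script could run such a check on the HTML part of inbound messages and surface the ACTION URL alongside the displayed link.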

More Osama Messages



Ane wrote to us with concerns over malicious email messages with the subject "Osama bin Laden Captured." The message enticed the victim to visit a site that attempted to install a malicious executable. The use of such headlines to trick people is not new; however, there has been a rise in the occurrence of such messages since June. We are not aware of these messages exploiting any new vulnerabilities, so you should be safe as long as:



1. Your Windows patches are up-to-date

2. Your anti-virus is up-to-date

3. You do not click on suspicious email attachments or links



Today's points out that they've witnessed the Bobic worm "being seeded in emails claiming that Osama Bin Laden has been captured."

Crunchy-Gooey Security Designs



David told us about a New York Times article titled
. The article talks about security assessment projects conducted by Mark Seiden. The article mentions the familiar metaphor of many security infrastructure designs that "have this hard, crunchy outside, but they're very gooey and soft inside." One of the most difficult aspects of protecting such networks comes up during incident response: during the investigation one finds a plethora of logging information on perimeter devices. In contrast, internal systems often do not capture enough auditing details to allow the incident handler to determine what happened and why.



Lenny Zeltser

ISC Handler of the Day

http://www.zeltser.com